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System for providing time dependent conditional access 



The invention relates to a system and method of providing conditional access 
to a stream of media information, and to a secure device for use in such a system. 

It is well known to use encryption to facilitate conditional access to media 
information such as video and audio signals. A receiving station is given access to the 
5 information by supplying the decryption key for decrypting the information. Only entitled 
subscribers are provided with a key. Keys are conventionally distributed using a smart card 
(or more generally a secure device, which is protected against tampering by unauthorized 
persons). 

A commonly applied key distribution scheme transmits three types of 
10 information: encrypted content, Encryption Control Messages (ECM's) and Encryption 

Management Messages (EMM's). The content is encrypted so that different keys are needed 
in successive time intervals to decrypt the content. The secure device supplies these keys 
under control of the ECM's and EMM's. An ECM is transmitted each time when the key to 
decrypt the content has to be changed. The ECM contains the key in encrypted form, so that 
15 the secure device can decrypt the key from the ECM. 

However, the secure device will supply the decrypted key only if it is entitled 
to do so. The entitlement is determined from entitlement information in the secure device and 
records for example, whether the subscriber that holds the secured device may decrypt in 
formation at all, or if so which types of content may be decrypted. The secure device supplies 
20 keys only for those types of information. The entitlement information is updated under 
control of the EMM's, which are normally transmitted less frequently than the ECM's. 

From European Patent Application No. 635 790 it is known to provide time 
dependent conditional access. The secure device of this publication contains a Time Of Day 
clock, which counts atime value that represents an absolute time. The secure device 
compares a time interval in which a subscriber has been granted access to information with 
the time value. Access is allowed only when the time value is in the time interval. Thus, 
when access is allowed only during a trial period, it can be prevented that the subscriber 
gains access outside the trial period. 
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For the operation of time dependent conditional access it is important that the 
time value of the time of day clock cannot be tampered with. According to European Patent 
Application No. 635 790 this is realized by periodically transmitting authenticated time 
stamps to the secure device. The secure device checks the authorization of the time stamps 
and updating the time value of the time of day clock according to the authorized time stamps. 
Between successive updates the clock changes the time values according to a local count of 
time. However, to prevent that clock drift compromises the reliability of the clock, the device 
prevents its use for granting access when it has not been updatedwith a time stampfor a 
predetermined time interval. 

Although this device provides for time dependent conditional access it has 
some drawbacks. First of all, the clock has to run continuously, which can be impractical i 
secure devices such as smart cards and is moreover sensitive to tamper attempts to change 
clock speed. Secondly, this scheme is not resistant to tamper attempts in which the time 
stamps are intercepted, stored and supplied to the secure device with a delay. 



Amongst others, it is an object of the invention to provide for a system and 
method of conditional access, which has other protection against tampering with time 
dependent conditional access. 

More in particular, it is an object of the invention to provide such a system and 
method in a system that receives continuous streams of encrypted content and encryption 
control messages. 

ft is another object to pTo^e for such a system and method in which no 
continuously running clock is needed. 

The invention provides for a system according to Claim 1. According to the 
invention, the time value is updated in response to the reception of encryption control 
messages. The subscriber is forced to allow these updates if he or she wants to access the 
encrypted contents and no special information is needed to make normal clock updates. In 
principle, an internal clock oscillator could be used in the secure device to advance the clock 
independently between encryption control messages to realize an even more reliable clock. 
But the reliability is reduced only slightly if these updates or even the oscillator are omitted, 
because the use of encryption control messages from a continuous media stream ensures 
regular updates. This leads to a less complex (and costly) structure for the secure device 
(which is preferably a smart card, without its own power supply). 
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The time value could simply be incremented by a fixed amount each time an 
encryption control management message is received, if one can rely on the fact that the 
encryption control messages are incorporated in the media stream on average with a 
predictable frequency. In an embodiment of the system according to the invention, a time- 
stamp from the encryption control messages, which serves to check entitlement to use the key 
in the message are also used to update the time value in the secure device. In an embodiment, 
the time-value is set to the value of the time-stamp, or a value corresponding to it, provided 
the new value is later than the old time value. 

In a further embodiment, the difference between timestamps of successive 
encryption control messages is determined, and the time value in the secure device is 
incremented according to this difference. This is particularly useful if the system allows 
viewing content with a time-shift (i.e. to view old content, that has been stored in the system 
for some time, say from the afternoon to the evening). By using differences it is still possible 
to ensure reliable time values when content is decrypted with a time shift, without having to 
access a "live" stream of time stamps as frequently as the encryption control messages arrive.. 

In another embodiment, time-stamps from less frequent encryption 
management message from a live stream are used to set the absolute value of the time value 
in the secure device (i.e. not differentially). For this purpose the secure device may have to 
monitor both a live media stream and a time shifted stream to decrypt the time shifted stream, 
but this involves little overhead, since from the live stream only encryption management • 
messages need to be interpreted. Thus, errors in the time stamps of encryption control 
messages can be corrected (these errors might be uncorrectable since the secure device 
prevents that the time value can be set back by an encryption control message, even if the 
time value has been set forward due to an error). Even when the time stamps from the 
encryption control messages are not used, such use of time stamps from encryption control 
' messages helps to increase protection against tampering with the time value, since tampering 
would have to involve coordinating a number of streams. 

In a further embodiment the user is forced to allow the secure device to copy 
time-stamps from the encryption management messages because the secure device is 
arranged to allowupdates by means of encryption control messages only for a predetermined 
number of times after receiving an encryption management message, if no new encryption 
management is received with a later time stamp. This will increase security of the time value 
if encryption control messages are used to update the time value in general, but particularly if 
decoding of time shifted streams is allowed, because it forces the user to supply a live stream 
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as well during decryption of the time-shifted stream. Management information from the live 
stream will thus be processed by the secure device even if a time-shifted stream is decoded, 
allowing updates to entitlements. Separately from this, obligatory use of encryption 
management messages from the live stream allows correction of the time value if a time 
stamp from an encryption control message has lead to an erroneous time value. 



These and other objects and advantageous aspects of the system and method 
according tb^'elnvenHon wilTbe discussed in more detail using the following figure. 
1 0 Figure 1 shows a system for providing conditional access. 



Figure 1 shows a system for providing conditional access. The system contains 
a source 10 of an encrypted media stream, a conditional access apparatus 12 and a storage 
15 device 16 (for example a magnetic or optical disk or a tape recorder). The source 10 has an 
output coupled to the conditional access apparatus 12 and the storage device 16. The storage 
device 16 has an output coupled to the conditional access apparatus 12. 

The conditional access apparatus 12 contains a receiving section 120, a 
content decoder 122, a rendering device 18 and a secure device 14 (for example a smart 
20 card). The receiving section 120 receives inputs from the source 10 and the storage device 16 
and has an output for encrypted content coupled to the content decoder 122, and outputs for 
encryption control messages (ECM's) and encryption management messages (EMM's) 

coupled-to secure device 14 (although sh^ may in fact be 

combined into a single output). The secure device 14 has an output coupled to a key input of 
25 decoder 1 12. Decoder 122 has an output for decrypted content coupled to rendering device 
18. 

Secure device 14 contains a decryption unit 140, a management unit 142 and 
time value storage 144. Decryption unit 140 has an input coupled to the output for ECM's of 
the receiving section and an output coupled to the key input of decoder 122. Decryption unit 
30 140 also has an output for time stamps coupled to management unit 142. Management unit 
142 has an input coupled to the output for EMM's of the receiving section 120. Furthermore 
management unit 142 has inputs and outputs coupled to time value storage 144. Separate 
inputs are shown for EMM's and ECM's but of course these may be supplied via a single 
input and processed separately in the secure device 14. 
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b operation, source .0 transmits one or more streams of enerypted media 

(EMM'S). The bandwidth requirements for these .terns drffers w*** 
eouire a permanent bandwidth of several megabits per second, whereas ECM may , 
require a perm«uiom m j„ llt p EMM's are transmitted 

W than a kilobit and are transmitted, say, only once every minute. EMM s 
less than a kilobit an encrypt ion control messages contain keys for 

even less frequently, say, once per hour. The encryption encryp tion 

a „ w These kevs themselves are also encrypted. The encrypuon 

section 120 passes encry F decrypts' 

122 Atieas.forsomeofmekeysentttlementdependsonume.Managementum 142 

more complicated form entitlement may be reiated to the ume-stemp of the ECM ^lowmg 
Z supply of Keys for examp!e only if the difference between me time value and *e tune 
^ within certainrange. Thus, for example, one cnuld entitle the userto v ; ew oniy 

control messages the system can distinguish between live information received from the 
source 10 and time shifter information received from storage devrce 16. 
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The time value in time value storage 144 is regularly updated by management 
unit 142. According to the invention, this is preferably done each time when an ECM is 
received (or each time a predetermined number of ECM* s has been received). In a simple 
embodiment, the management unit 142 increases the time value by a fixed amount for each 
5 received ECM for which the time value is altered. 

In a more advanced embodiment, management unit 142 compares the time 
value with the time-stamp of the ECM and sets the time value to a time corresponding to that 

time value, provided that the new time value encodes a later time than the stored Jimejvdue 

Intime value storage 144. 

10 In yet another embodiment, management unit 142 computes the new time 

value that it stores in time value storage 144 by adding an increment to the old time value 
from time value storage 144. Management unit 142 computes the increment by additionally 
storing information from the time-stamp of a previous ECM for which the time value is 
incremented, and determining the difference between the times represented by the time stamp 

15 of the current ECM and this previous ECM. From this difference management unit 1 42 
determines the size of the increment and adds the increment to the old time value to 
determine the new time value, provided the increment is positive. The incremented time 
value is stored in time value storage 144. Additionally the time stamp of the current ECM is 
stored to enable computation of the difference for a future ECM. Thus, it is also possible to 

20 use time-shifted streams to determine the increment. 

Preferably, the management unit also uses time-stamps from the EMM's to 
update the time value in time value storage 144. The EMM's are distinguished from the ^ 

- ECM r sm"tfiiat tfieyare transmitted less frequently (because they do not need to supply keys 

for the encrypted content) and in that they contain management information, for example to 

25 set the type and times content for which the secure device 14 is entitled to supply keys. Thus, 
the EMM's are essential for controlling the conditions of access, but not directly for 
providing access. Preferably, the secure device 14 forces the user to supply EMM's by 
disabling the use of the time value in time value storage 144 for the authorization of issuing 
of decrypted keys when a number of ECM's has been received in a time-interval without 

30 receiving a new EMM's in the same time interval. That is, by disabling the supply of any 

keys to decoder 122, if the supply is conditional on the time value. For example, if an EMM 
is transmitted every hour and ECM's are transmitted every minute, the time value may be 
disabled if more than 60 ECM's have been received without receiving any EMM. 
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• In a further embodiment, management unit 142 uses time stamps torn the 
EMM, to set the time valne in time valne storage 144. This setting may he protected so that 
devalue may only increases* compared witir to fctes. tirne value -*;>™ 
EMM. For this purpose, management unit 142 may store to«inre-s*mp (or natron 

rpTfu.enewEMMheforesetthrgthettme value. Thus errom * to time v,ue (ca^ed 

for example by erroneous ECM's) can be corrected. 

.^fnrtherembodimen^condihonalaccessappaxanrs 12 allows me use of a 

sueam from srorage device 16. Of course, the ECM, of to stream will contain time- 
1 stamps tttat are older ton the time value in time value storage, but tire entitlement 

Tbe effect of tins is tot the EMM'S and ECM's of the old stream wtil be supphed to tire 

receiving section 120 from storage device 16. According to to invention 
LonU^^reoeiveaUvesti^ti.getorwtmtooldsn^.nextinctEMM^ 

Lives tose EMM's and uses time-stiunps and management information from tose EMM a 
Zatc to entitlements and to time value in time value srorage 144. Thus, rt ts ensure* 

recorded (time-shifted) content is processed. The increment in to time values may be 

be processed for this purpose. 

Although to decryption unh 140, management unit 142 and time value 
srorage 144 have been shown separately, it will be appreciated tot tose functions may m 
« I combined ,0 a large extent, for example in a micro-processor, to time value bemg 
25 led in a register. Instead of a register an, other kind of storage may be used, for ex^rple a 
^nmamemo^oracounter.whichupda^totimevaluebymeansof.pu.esftoma 

clock. Management of entitlement and time values may be controlled using a computer 
program executed by this micro-processor, but of course dedicated hardware may also be 
used to perform the relevant functions. 
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! . A system for providing time dependent conditional access to information, the 

system comprising 

- a source sub-system (10) arranged to provide 
-successive keys encrypted in encryption control messages and 

-the information in an encrypted form that is successively decryptable with the successive 
keys* 

- a dlcoder (122) fox decoding the information, with an input for receiving the keys; 
a secnre device (14) arranged for receiving the encryption control messages, decrypting the 

keys from the messages and snpplying the keys to me decoder (122), the secnre device (14) 
maintaining atime value, the secure device (14) heing arrange* to control the supply of the 
keys dependent on the time value, wherein the secure device (14) is arrangen to increment the 
time value in response to reception of respective ones of the encryption control messages. 

2 A system according to Claim 1 , wherein the source sub-system (10) is 

amurged to include time-stamps in the encryption control messages, the secure device (14) 
being arranged to decide whether to supply the keys dependent on a comparison between the 
time-stinnps and tire time value, the secure device (14) being arranged to control a size of tire 
update according to the time-stamp, with a limitation to increases in the time value. 

20 3 A system according to Claim 2, the secure device (14) being arranged to 

determine a difference between the time stamp of a current encryption control message and a 
further time stamp of a preceding encryption control message and to increase the time value 
with said difference. 

25 4 A system according to Claim 2, wherein the source sub-system (10) is 

arranged to transmit encryption management messages at a lower frequency than sard 
encryption control messages, the encryption management messages comprising time stamps, 
the secure device (14) being arranged to set the time value according to the time stamps m 
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response to receiving the encryption management messages, conditional upon receiving 
increasing time stamps. 

5 - A system according to Claim 4, arranged to process the content and encryption 
control messages from a time shifting memory (16), and to substitute encryption management 
messages from a live stream for encryption management messages from the time shifting 
memory (16). 

6 - A system according to Claim 1, wherein the source sub-system (10) is 
arranged to transmit encryption management messages at a lower frequency than said 
encryption control messages, the encryption management messages comprising time stamps, 
the secure device (14) being arranged to set the time value according to the time stamps in 
response to receiving the encryption management messages, conditional upon receiving 
increasing time stamps. 

7 - A system according to Claim 6, arranged to process the content and encryption 
control messages from a time shifting memory (16), and to substitute encryption management 
messages from a live stream for encryption management messages from the time shifting 
memory. 

8 - A system according to Claim 6, wherein the secure device (14) is arranged to 

disable supplying of the successive keys dependent on the time value when a predetemined 

number of the encryption control messages has been received after receiving a first one of the 
encryption management messages with a first one of the time stamps without receiving any 
subsequent second one of the encryption management messages with a second one of the 

time stamps for a time that follows a time of the first one of the time stamps. 

9 - A method of for providing time dependent conditional access to information, 
the method comprising 

- transmitting successive keys encrypted in encryption control messages and the information 
in an encrypted form that is successively decryptable with the successive keys; 

- receiving the encryption control messages 

- maintaining a time value, incrementing the time value in response to reception of respective 
ones of the encryption control messages; 
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- decrypting the keys from the messages; 

- controlling a supply of the keys to a decoder dependent on the time value. 

10 . A secure device for providing time dependent conditional access to 

information, the secure device having 

- an input for receiving successive keys encrypted in encryption control messages; 
decryption unit for decrypting the keys from the messages; 

an output for supplying the keys to a decoder, 
am emoryforstoringatime value, the secure device being arranged to con*ol the supply of 
to keys dependent on the time value, wherein the secure device is arranged to increments 
time value in response to reception of respective ones of the encryption control messages. 

! l A computer program product comprising computer instructions for causing a 

secure device (14) with an input for receiving the encryption control messages to 
- m aintainatime value, incrementmg me tm^e value in response to reception of respect 

ones of the encryption control messages; 

- decrypt the keys from the messages; 

- control a supply of the keys to a decoder dependent on the time value. 



- a 

- an 
a 
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ABSTRACT: Q 



A source transmits (10) successive keys encrypted in encryption control 
messages and information in an encrypted form that is successively decryptable with the 
successive keys. A decoder (122) decrypts the information. A secure device (14) receives the 
encryption control messages, decrypts the keys from the messages and supplies the keys to 
the decoder (122). The secure device (14) maintains a time value. The secure devxee (14) 
controls the supply of the keys dependent on the time value, and increments the time value rn 
response to reception of respective ones of the encryption control messages. 



Fig. 1 
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